windowsnerd.com

notes from an admin for himself. you can read it if you want.

LogMeIn buys LastPass… time to go shopping for a replacement. Also LogMeIn is NOT HIPAA compliant

12 October, 2015 (07:44) | security

Anyone have an enterprise-level password manager they recommend?

http://techcrunch.com/2015/10/09/logmein-acquires-password-management-software-lastpass-for-110-million/

LogMeIn is a scary company: large price boosts with little warning, and they lie about HIPAA compliance. The thing that makes me the most angry about LogMeIn is that they couldn’t just say NO. No, we don’t meet the conduit exemption. No, we aren’t built for HIPAA data. Instead they have an employee in their forum trying to sell it like it is. I’m copying and pasting a bunch of data from their forum here in case they delete it or try to sue me for pointing out that they fail at HIPAA/HITECH.

Why is LogMeIn a fail on HIPAA/HITECH Omnibus compliance?

LogMeIn will not enter into a Business Associate Agreement (BAA) with you or your company. This means they take no legal responsibility for your patient data. It is also illegal. Once a 3rd party is informed that they store, transport, or touch patient data in the slightest, they must sign a BAA and take responsibility for securing the data according to HITECH. The only exemption, called the conduit exemption, is for ISPs. LogMeIn does not appear to have anything to do with being an ISP providing fiber lines to customers.

Their customer service is clueless, and sales wouldn’t talk to me about it the last few times I tried.

No HITECH Omnibus compliance:

http://community.logmein.com/t5/Central/HIPAA-compliance-HITECH-Omnibus-BAA-available-yet/m-p/133037/highlight/true#M3974

Angi_Fro (New Contributor)
HIPPA
04-25-2013 04:49 PM

The new HIPAA regs effective 9/2013 require those using remote access to have a Business Associate Agreement (BAA) with the company providing remote access unless they are acting just as a conduit. Does anyone know if LogMeIn stores the data accessed in a database or are they just a conduit for remote access?

Sean_K (LogMeIn Contributor)
Re: HIPPA [Edited]
04-26-2013 07:04 AM – edited 04-26-2013 07:27 AM

That depends on the definition of data as far as HIPAA is concerned.
Sean Keough
Product Specialist, LogMeIn Support

Angi_Fro (New Contributor)
Re: HIPPA
04-26-2013 09:32 AM

data being patient private information

Sean_K (LogMeIn Contributor)
Re: HIPPA [Edited]
04-26-2013 09:43 AM – edited 04-26-2013 09:44 AM

Ah. That is not recorded by any of our logs.

We centrally log:

Access (Date/Time) to the account, and the IP from which the access occurred.
Access (Date/Time) to the computer, and the account and IP from which the access occurred.

Exactly what has been accessed during that session, we do not log.

Forced Screen Recording is possible, which would record what has been accessed within the Remote Session, but we do not store these in a Central location. They are stored in a place that the Host computer has access to.

Lastly, the logs of the sessions themselves are stored on the computers that were accessed.
Sean Keough
Product Specialist, LogMeIn Support

Angi_Fro (New Contributor)
Re: HIPPA
04-27-2013 05:38 PM

Is that stated anywhere in writing where we could keep a copy for documentation?

Sean_K (LogMeIn Contributor)
Solution! Re: HIPPA
04-29-2013 07:48 AM

This doc from our help site should outline everything important about HIPAA and LogMeIn.

https://secure.logmein.com/welcome/documentation/EN/pdf/common/LogMeIn_HIPAA.pdf

If you need something more, you could most likely get it by requesting it from a sales associate.
Sean Keough
Product Specialist, LogMeIn Support

Comments

Comment from Chris Miller
Time: November 27, 2015, 9:10 am

I have just been having this EXACT conversation with a provider that states they are HIPAA compliant – but it’s total BS as they wouldn’t sign a BAA either. Did some digging and came across this:

https://www.scrypt.com/documents/FactSheet_HIPAA_ConduitException.pdf

Perhaps you should send it to Sean – haha

Chris
